Azure VPN Gateway Explained in Simple Language

Think of it as a bridge between your on-premises network and Azure, allowing them to communicate safely.

What a VPN Gateway Does:
- It encrypts the data going between your networks so that it's safe, even though it's traveling over the public internet.
- The gateway ensures that no unauthorized parties can see the data, making it secure.
When Do You Use It?:
- When you want to connect your on-premises data center or office network to your Azure VNet.
- When you want to connect two or more Azure VNets together securely.
- When you want users to connect remotely (from home, for example) to your Azure network securely.

Site-to-Site (S2S) VPN:
- This is like creating a permanent, always-on connection between your on-premises network (like your office or data center) and your Azure VNet.
- It’s used for large networks, so your entire office network can securely communicate with Azure.
- The connection goes over the public internet, but it’s encrypted for security.
Point-to-Site (P2S) VPN:
- This is a temporary connection for individual devices. Think of it as how you connect to a corporate network from your laptop when working remotely.
- Employees can use it to securely connect to Azure from anywhere over the internet, like working from home or traveling.
- No need for a dedicated device—just the client software on your laptop.
VNet-to-VNet VPN:
- This connects two Virtual Networks (VNets) in Azure, either in the same region or across different regions.
- Useful if you have multiple VNets and want them to securely communicate with each other.

Gateway Subnet:
- To create a VPN gateway, you must first create a gateway subnet in your VNet. This subnet contains the IP addresses for the gateway itself.
- It’s like setting aside a special part of your network to handle secure connections.
Gateway Types:
- There are two types of VPN gateways in Azure: Route-based and Policy-based.
  - Route-based is the most common type and uses routing tables to direct traffic.
  - Policy-based uses predefined IP address sets to define which traffic can go through the tunnel.
VPN Gateway SKUs:
- Azure offers different performance levels (SKUs) for VPN gateways, depending on how much traffic you need to handle and the level of redundancy you require. Examples include Basic, Standard, and High Performance.
Gateway Configuration:
- Once the gateway is set up, you configure it with the details of the network you’re connecting to (for example, your on-premises network).
- The VPN Gateway on Azure and the device in your on-premises network will use IPsec/IKE protocols to establish and maintain the secure connection.

Secure Data Transmission: All data is encrypted, ensuring it is protected during transit.
Seamless Connection: It can create an always-on connection between your on-premises network and Azure, making Azure resources feel like they are part of your local network.
Remote Access: Employees or users can connect to the Azure VNet from anywhere securely using Point-to-Site VPN.
Flexibility: You can connect multiple types of networks (on-premises, remote workers, or even other VNets) to your Azure environment securely.

Dependent on the Public Internet: Since VPN Gateway uses the public internet, the speed and reliability are not guaranteed. It can be slower than dedicated private connections like ExpressRoute.
Latency: Because the connection goes over the public internet, there might be some delay, especially for large data transfers.

Azure VPN Gateway helps you securely connect different networks, such as your office’s network and Azure, over the public internet.
It encrypts the data for secure transmission, making it safe even over the internet.
There are different types of VPN connections: Site-to-Site (S2S) for connecting office networks, Point-to-Site (P2S) for individual users, and VNet-to-VNet for connecting two Azure VNets.

In short, Azure VPN Gateway provides a simple way to extend your on-premises network to the cloud securely.

Shivaram Babar